sasank.io
← writing
from the trenches

Tokenization is mostly compliance (and that's why it's hard)

June 8, 2026 RWAs · tokenization · compliance · capital markets

Every few years someone announces that tokenization is about to eat the world, and every few years it doesn’t, and the reason is always the same: people fall in love with the token and ignore the back office.

The token is the easy 20%. Minting an asset onchain is a weekend project. The hard, unglamorous, value-creating 80% is everything around it, and that 80% is the actual product. It's also the reason these jobs haven't been automated.

What the demos skip

A tokenization demo shows you a building, or a treasury bill, turning into a shiny onchain asset you can trade in one click. It’s a beautiful lie of omission, and I’ve watched a lot of smart money fall for it.

What the demo doesn’t show you:

  • Who legally owns the thing, and whether the token has a claim a court would actually honor. A token is a database entry. The asset is a building in a jurisdiction with laws. The bridge between those two facts is a stack of legal structure that took lawyers months to build, and if it’s wrong, the token is worthless no matter how elegant the contract.
  • Custody. Where does the real asset live? Who holds it? What happens if they vanish, or get hacked, or simply make a mistake? The entire promise of “backed by a real asset” rests on a custody arrangement that is mundane, expensive, and absolutely load-bearing.
  • Compliance. KYC, accreditation checks, transfer restrictions, jurisdiction-by-jurisdiction rules, the transfer agent, the regulator who hasn’t fully decided how they feel about any of this yet. Every transfer of a real-world-asset token is a regulated event, and pretending otherwise is how you end up in a deposition.
  • What happens when it breaks. A default. A dispute. A chargeback against a thing that was supposed to be final. The clever part of the system is what happens on the happy path. The valuable part is what happens when something goes wrong, because in finance, something always eventually goes wrong.

None of that is glamorous. All of it is load-bearing. Skip any one and you don’t have a tokenized asset, you have a screenshot.

I’ve been circling this for years

My first real job in this space was building a portfolio-management system that connected venture funds to their onchain investments, back-office machinery for tracking capital across positions. From the outside it looked like screens, charts, a nice interface. Underneath it was reconciliation, custody questions, and the unsexy problem of knowing, reliably, what you own and what it’s worth right now. That problem, which sounds trivial, is most of the actual difficulty in finance. Knowing your position, with confidence, in real time, is shockingly hard once real money and real complexity are involved.

Then a few years of market-mechanism and governance work, designing the incentives that make a decentralized thing actually coordinate, learning how liquidity really moves and how it dries up, and what separates a market that clears from one that just exists on paper.

And now the synthesis, back-office software for raising capital, for real-world assets, at the scale the problem deserves. It’s the same problem the whole time, viewed from progressively higher altitude. Capital formation is, underneath, an infrastructure problem. Raising and moving money looks like relationships and decks and charisma. Most of it is plumbing, the boring, reliable, regulated machinery that lets capital actually form, move, and settle without something breaking.

Why “boring” is a moat

Here’s the thing I had to learn in the trenches, and it took longer than I’d like to admit.

The reason these jobs haven’t been automated isn’t that the technology is missing. It’s that the compliance and grunt work is genuinely, structurally hard. That’s not a reason to avoid it. That’s the moat.

Anyone can write a smart contract. Genuinely, anyone can, the barrier there has fallen to nearly zero. What very few people can do is write the smart contract and hold the transfer-agent relationship and satisfy the regulator and structure the legal claim correctly and make the whole thing settle cleanly when a deal goes sideways at the worst possible moment. The defensibility was never in the code. It was in the surrounding eighty percent the whole time, the part that’s slow and relational and regulated and impossible to fake.

This is, I think, deeply counterintuitive to people who come from pure software, where the elegant core is usually the valuable part and the integration work is an afterthought. In regulated finance it’s exactly inverted. The integration is the product. The compliance is the moat. The boring part is the whole business.

Where this goes next

And here’s where it gets genuinely interesting, and why I’m not just nostalgic about plumbing. The same grunt work that’s protected this moat, the reconciliation, the checks, the document-shuffling, the exception-handling, is exactly the kind of work a capable agent can start to carry.

For decades the reason you couldn’t automate this layer wasn’t that it was intellectually deep. It was that it was fuzzy, judgment-laden, and high-stakes, the kind of work that needed a human because the rules never quite fit the case. That’s precisely the shape of work the new generation of agents is newly good at. Which means the moat doesn’t disappear, but the economics of crossing it change dramatically, and the people who understand both the compliance layer and the agent layer are standing on something rare.

That’s the next essay, and it’s the bet I’m actually making.